Remove unused Network Security Groups

Delete all Network Security Groups which are not in use.

Risk Level: Low
Cloud Entity: Network security group
CloudGuard Rule ID: D9.AZU.NET.06
Covered by Spectral: Yes
Category: Networking & Content Delivery

GSL LOGIC

NetworkSecurityGroup should have networkAssetsStats contain-any [ count>0 ]

REMEDIATION

From Portal

  1. Go to 'Network Security Groups' from Azure Management console.
  2. Selete the Network Security Group that is not in use.
  3. Under the 'Review' tab select 'Delete' from the top panel.
  4. Select 'Yes' in the confirmation dialog box.

From TF
To delete the unused Network Security Groups, import them to Terraform by defining same resources then run 'terraform destroy' command.

resource "azurerm_network_security_group" "example" {
	...
	name                = "NSG"
	resource_group_name = "RESOURCEGROUP"
	location            = "LOCATION"
	...
}

From Command Line
Run

az network nsg delete --resource-group RESOURCEGROUP --name NSG

References

  1. https://learn.microsoft.com/en-us/azure/virtual-network/manage-network-security-group?tabs=network-security-group-portal#delete-a-network-security-group
  2. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group

Network security group

You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.

Compliance Frameworks

  • Azure CSA CCM v.3.0.1
  • Azure CloudGuard Best Practices
  • Azure CloudGuard CheckUp
  • Azure CloudGuard Network Security Alerts
  • Azure CloudGuard SOC2 based on AICPA TSC 2017
  • Azure ISO 27001:2013
  • Azure LGPD regulation
  • Azure NIST 800-171
  • Azure NIST 800-53 Rev 4
  • Azure NIST 800-53 Rev 5
  • Azure NIST CSF v1.1
  • Azure New Zealand Information Security Manual (NZISM) v.3.4
  • Azure PCI-DSS 3.2
  • CloudGuard Azure All Rules Ruleset